Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1425
Views
0
Helpful
5
Replies

Not able to run any command thru console (Command authorization failed)

ohforce55
Level 1
Level 1

‎10-09-2017 06:59 AM - edited ‎02-21-2020 06:27 AM

Hi,

 

I currently upgraded the IOS of the firewall 5540.

Prior to the upgrade, I deleted the aaa commands in case I could get locked once it rebooted.

 

no aaa authentication serial console TACACS+ LOCAL
no aaa authentication enable console TACACS+ LOCAL
no aaa authorization command TACACS+ LOCAL

 

TACACS+ refers to the ACS.

 

After the upgrade, I added the aaa commands back and noticed that I couldn't run any command on console and got this error message

 

enc-wups-ex-vpnasa5540-1/act# sh run

Command authorization failed

 

As I typed any command, I got that error message.

If I removed "aaa authorization command TACACS+ LOCAL" I could run any command on console.

 

 

And, I could run any command thru SSH having those aaa commands.

 

My colleague resolved this issue. He said

 

remove it and logg off console

then add it from ssh

and then login

 

But I'm not sure when he said "remove it and logg off console"

Did he remove it on console? If he did, how could he remove it although he couldn't run any command?

Maybe he used local username?

 

Please help!

 

 

Thank you!

Labels:
0 Helpful
5 Replies 5

Flavio Miranda
VIP
VIP

‎10-09-2017 11:11 AM

Hello,

 

At first glance, your problem looks like to be user privilege on ACS. As per your description you only upgrade the ASA but make sure everything is ok on ACS. Maybe you can delete ASA as client on ACS and add it again. Do the same for your user.

 This can be some syncronization isseu between two platforms after upgrade..

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

ohforce55
Level 1
Level 1
In response to Flavio Miranda

‎10-09-2017 12:11 PM

Hi,

 

Thanks for your reply.

When I checked the ACS, there was no any issue.

I don't think this is the privilege issue as well because I could run any command before the upgrade with the credential.

0 Helpful

Spooster IT Services
Level 7
Level 7
In response to ohforce55

‎10-11-2017 11:36 AM

Hi  ohforce55,

 

Have you checked the event logs at ACS? that will give you a good idea that why ACS is unauthorizing you to enter any command.

Spooster IT Services Team
0 Helpful

Spooster IT Services
Level 7
Level 7
In response to ohforce55

‎10-11-2017 11:37 AM

Hi  ohforce55,
 
Have you checked the event logs at ACS? that will give you a good idea that why ACS is unauthorizing you to enter any command.

Spooster IT Services Team
0 Helpful

ohforce55
Level 1
Level 1
In response to Spooster IT Services

‎10-13-2017 07:26 AM

Hi,

 

There wasn't even the log for it since I couldn't run any command.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card